Application: Evolution 2.22.2
OS: Linux - Ubuntu 8.04
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
Evolution is an email client that is built with ubuntu.
------------------------------------------------------
Vulnerability
The vulnerability works when mail is sent and specially armed with html code, this causes the client to break.
Analyzing with a debugger, you can see the failure with the following function.
0xb7a219d7 in html_engine_get_view_width () from /usr/lib/libgtkhtml-3.14.so.19
------------------------------------------------------
POC/EXPLOIT
The proof of concept can be done locally,
when you save the following code in a html file and then load it into an e-mail from the new option "insert" and "html
file",
as that could verify the client is broken.
<IFRAME SRC="A"></IFRAME>
<FRAMESET><FRAME SRC="A"></FRAMESET>
------------------------------------------------------
Juan Pablo Lopez Yacubian
{"id": "SECURITYVULNS:DOC:20090", "bulletinFamily": "software", "title": "Evolution Vulnerability", "description": "\r\nApplication: Evolution 2.22.2\r\nOS: Linux - Ubuntu 8.04\r\n------------------------------------------------------\r\n1 - Description\r\n2 - Vulnerability\r\n3 - POC/EXPLOIT\r\n\r\n\r\n------------------------------------------------------\r\nDescription\r\n\r\nEvolution is an email client that is built with ubuntu.\r\n\r\n\r\n------------------------------------------------------\r\nVulnerability\r\n\r\n \r\nThe vulnerability works when mail is sent and specially armed with html code, this causes the client to break.\r\n\r\nAnalyzing with a debugger, you can see the failure with the following function.\r\n\r\n\r\n0xb7a219d7 in html_engine_get_view_width () from /usr/lib/libgtkhtml-3.14.so.19\r\n\r\n\r\n------------------------------------------------------\r\nPOC/EXPLOIT\r\n\r\n \r\nThe proof of concept can be done locally, \r\nwhen you save the following code in a html file and then load it into an e-mail from the new option "insert" and "html\r\nfile",\r\nas that could verify the client is broken.\r\n\r\n<IFRAME SRC="A"></IFRAME>\r\n<FRAMESET><FRAME SRC="A"></FRAMESET>\r\n\r\n------------------------------------------------------\r\nJuan Pablo Lopez Yacubian", "published": "2008-06-26T00:00:00", "modified": "2008-06-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20090", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:26", "edition": 1, "viewCount": 17, "enchantments": {"score": {"value": -0.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9115"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9115"]}]}, "exploitation": null, "vulnersScore": -0.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645258575, "score": 1659803227}, "_internal": {"score_hash": "44b7e13ce0f4afa63bba1e76f9151b6b"}}